package com.bizihang.common.security.browser;

import com.bizihang.common.security.browser.session.DefaultExpiredSessionStrategy;
import com.bizihang.common.security.browser.session.DefaultInvalidSessionStrategy;
import com.bizihang.common.security.core.properties.SecurityProperties;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.web.session.InvalidSessionStrategy;
import org.springframework.security.web.session.SessionInformationExpiredStrategy;

/**
 * 浏览器环境下扩展点配置，配置在这里的bean，业务系统都可以通过声明同类型或同名的bean来覆盖安全模块默认的配置。
 *
 * @author 毕子航 951755883@qq.com
 * @date 2018/11/7
 */
@Configuration
public class BrowserBeanSecurityConfig {

	@Autowired
	private SecurityProperties securityProperties;

	/**
	 * session失效时的处理策略配置
	 *
	 * @return
	 */
	@Bean
	@ConditionalOnMissingBean(InvalidSessionStrategy.class)
	public InvalidSessionStrategy invalidSessionStrategy() {
		return new DefaultInvalidSessionStrategy(securityProperties);
	}

	/**
	 * 并发登录导致前一个session失效时的处理策略配置
	 *
	 * @return
	 */
	@Bean
	@ConditionalOnMissingBean(SessionInformationExpiredStrategy.class)
	public SessionInformationExpiredStrategy sessionInformationExpiredStrategy() {
		return new DefaultExpiredSessionStrategy(securityProperties);
	}
}
